CVE-2007-2225

Published Jun 12, 2007

Last updated 6 years ago

Overview

Description: A component in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle certain HTTP headers when processing MHTML protocol URLs, which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "URL Parsing Cross Domain Information Disclosure Vulnerability."
Source: secure@microsoft.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:*:x64:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CD264C73-360E-414D-BE22-192F92E5A0A3"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:x64:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "6881476D-81A2-4DFD-AC77-82A8D08A0568"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "644E2E89-F3E3-4383-B460-424D724EE62F"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp1:*:itanium:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "7D11FC8D-59DD-4CAC-B4D3-DABB7A9903F1"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_2003_server:sp2:*:itanium:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D21D1DFE-F61B-407E-A945-4F42F86947B0"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:professional_x64:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E0BBA081-24D5-4990-882F-69CB05CC28CF"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:professional_x64:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1AB9988B-5A9C-4F6D-BCCC-4D03AC6E4CF9"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:outlook_express:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85FD3557-956D-4A96-8AA5-5FD9DB87FD11"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_vista:*:gold:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D34A558F-A656-43EB-AC52-C3710F77CDD8"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_vista:*:gold:x64:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F9DC56EB-EDC4-4DFE-BA9B-B17FF4A91734"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:windows_mail:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0BDD015F-267D-4E33-885B-6A14F493CCC5"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References